Beginning with WordPress

WPBeginner was founded by Syed Balkhi as an effort to educate anyone who is new to the WordPress platform. The site focuses on the "how" and "why" of using the WordPress content management system. Powering more than 25% of all websites worldwide, WordPress has quickly become the world’s most popular CMS. The far reaching appeal of WordPress likely stems from the platform’s flexibility and accessibility for beginners. Anyone can find free themes that span from photography to eCommerce. The dashboard is easy to use, and SEO friendliness is built in.

These features work in concert to provide high value along with low barriers to entry for sole proprietors and small, medium, and large scale business ventures alike. Similarly, WPBeginner derives its purpose from helping a wide range of people and businesses succeed online. The organization works to minimize entry level confusion and truly empower visitors to take advantage of the WordPress open source community. By offering tips, tricks, warnings, widgets, plugins, reviews and how-to's, WPBeginner illuminates the path to a functional WordPress-based web presence. In 2013, WPBeginner put out a review of Sucuri detailing the benefits of our WordPress plugin. Though the statistics are difficult to track, it could easily be stated that WPBeginner has helped launch and or save thousands of websites and businesses.

Give a Little, Gain a Lot

Having assisted so many, it is no surprise WPBeginner has grown to its current vast reach. As one of the most popular sites online, understandably it receives a high volume of daily traffic. The site currently serves more than 300,000 page views daily (on average) and a monthly total exceeding 9 million. It is no simple task to build an infrastructure able to sustain a site as popular as WPBeginner. Maintaining functionality, speed and availability in the face of attacks is a separate set of hurdles altogether.

WPBeginner.com was no exception to the rule. Over time, the site’s traffic began to present its own share of challenges. Serious challenges.

We would get a lot of feed attacks, which is aggressive DDoS-style attacks where bots would hit our feed and scrape it. We would try to block the caches, but there were times we would get tens of thousands of people with requests coming from just one IP address trying to get feed access, trying to bust the cache. Anytime they were able to bust the cache, they could DDoS the site.

In addition to suffering DDoS attacks, there was the issue of brute force attempts. The issue is so prevalent among the WordPress community that WPBeginner published a blog post about the malicious attempts years ago. To offer perspective, during one month (from August 2015 to September 2015) Sucuri tracked more than 1 billion brute force attempts on WordPress websites. The increased server load and consistent attacks weighed heavily on the site and caused performance problems that required the attention of a specialist and a large amount of Syed’s valuable time in direct management. When presented with this problem, Syed turned to a recommendation.

A Proven Solution

The young entrepreneur, Syed (who is also the founder of OptinMoster and List25) always had both an appreciation for and an understanding of website security. However, a few years ago, Syed entrusted his personal website security with Sucuri in a move to maximize his time. The experience was greatly successful. Following several challenges with his other venture, Syed moved List25.com behind Sucuri’s Web Application Firewall (WAF) in early 2015. In the first few months after the move, he took note of a few important facts. The site had logged nearly 180,000 blocked malicious attempts.

The issues we’ve experienced in the past motivated this move. After I tested the Sucuri service on List25 and my personal site, I just committed to getting additional sites added to my account.

High Expectations

Drawing from previous experience, Syed established high expectations from Sucuri security services, in particular the Web Application Firewall. To be advantageous, the firewall needed to successfully mitigate potential attacks (regardless of size or complexity) and reduce the amount of time Syed and his team spent engaging in security space for WPBeginner. Within weeks, the statistics showed that the expectation had both been met and exceeded.

Overachievement

Within the first three months, WPBeginner.com saw more than 450,000 blocked attacks. That is more than double the number of blocked attacks List25 saw in its first 3 months on the firewall.

The top 11 frequent types of blocked attacks were:

Type

Blocked Attempts

1. Exploit blocked by virtual patching

84,011

2. Blacklisted IP address

72,495

3. Bad bot access denied

72,495

4. Backdoor location denied

29,690

5. DDOS attempt blocked

29,676

6. Fake bot access

29,571

7. Evasion attempt denied

21,887

8. Exploit blocked by virtual patching

17,078

9. Exploit blocked by virtual patching

14,857

10. Spam request blocked

14,857

11. Scanning tool blocked

13,842

Though definitely a positive result, there was yet another equally intriguing fact. An often overlooked benefit of Sucuri’s WAF became blatantly obvious in the months following WPBeginner’s move onto CloudProxy. Syed states, plainly:

Our server load has come down on WPBeginner - insanely! Security is a big thing and is the primary reason we use Sucuri, but the added benefit is the speed aspect - because everything goes through the WAF and it’s that much faster.

Managing more than 9 million site visits per month is not a simple task. Maintaining site availability, especially at WPBeginner’s level of popularity, requires ingenuity and attention in many different areas. Still, page load time and overall server load can easily become impactful issues. In this instance, WPBeginner’s server core use had previously peaked north of 3 cores and could quickly become overwhelmed in the event of a DDOS or Brute Force attempt was made. After taking advantage of Sucuri’s Web Application Firewall, the situation was remedied.

For me, the biggest advantage of using Sucuri is that I don’t have to get a server admin anymore. I don’t need a 5th admin, because before, the 5th admin’s job was to monitor the server and recognize and mitigate any attacks. I had a 5th admin, part-time and I was paying $2,500/month to keep him on retainer.

Note: Many of our loyal customers are part of our referral program and earn money by referring new customers to Sucuri. It is our goal to provide such excellent service that you want to share it with others. Learn more about our referral program or contact us if you wish to be featured in a case study!

WHY SUCURI?

Thought Leaders in Website Security

Sucuri has been involved specifically in the website security space over 6 years, analyzing what attackers do and how they do it. This knowledge is at the core of how the technology is built.

Simple Deployment

There is no installation required, the technology is quickly enabled via the Sucuri dashboard and at the DNS level. Changes can be made via an A record switch, or full DNS management.

Active Vulnerability Research

Sucuri’s research is second to none when it comes to vulnerability exploit attempts. Our research is widely distributed and syndicated across all major media and security outlets.

Enterprise Affordability

Budgets are tight, demand is high. Sucuri has the luxury of size and youth, we bring the right level of enthusiasm, adaptability, and technology to the enterprise website security game.